-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-21:24.libcrypto                                      Errata Notice
                                                          The FreeBSD Project

Topic:          OpenSSL 1.1.1e API functions not exported

Category:       core
Module:         libcrypto
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

libcrypto is part of the OpenSSL distribution and provides APIs to
various low-level cryptographic services.

II.  Problem Description

New API functions added in OpenSSL 1.1.1e and later were not publicly
exported to applications.

III. Impact

Applications trying to use new API functions added in OpenSSL 1.1.1e
or later would fail to build with a link error.

IV.  Workaround

No workaround is available.  However, the APIs added in OpenSSL 1.1.1e
and later are obscure and not used by many applications.  In particular,
none of the affected APIs are used by applications using libssl from
OpenSSL for Transport Layer Security (TLS).

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:24/libcrypto.patch
# fetch https://security.FreeBSD.org/patches/EN-21:24/libcrypto.patch.asc
# gpg --verify libcrypto.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              f8edb3f9c725    stable/13-n245963
releng/13.0/                            3ef67fed446a  releng/13.0-n244754
stable/12/                                                        r369974
releng/12.2/                                                      r370391
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:24.libcrypto.asc>
-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmEld0MACgkQ05eS9J6n
5cLKGA/4tqEmLXl/XhstAAcrNTaNlwbtlHPThr5PNb6OST342Nz4lDrjJ605jWKb
bW1z0BX96V25CdopVB/z7tVdRlooQG4EKqmOqD75xjwOtjCpbUmfUSdriu7yKUmX
NhSUpzltfgvNA0nQfn2Zf0H/VWae/shB9NvF6kEvJefcs9f+h0RJm6PV9mO6evUS
MjyFs59w0rZ9kWqdCBKlmAfqIMZAFV7BgCEOlUJZpwVcidHp49VSWR5PzZZSawZs
wV2dVlotsuP6eUJlMDQGJMNpQPlLMoOqgJCoYTKLR6xorrfBLJbBVnvQbb03IABq
pK4bRqJIdlT/YDO4AAzh+09hHzQYTam7MCdG150fL2rwEJpn4Cp0CbEU1p24HYkL
ZS+82BJ9jM79Xsjyuuqwn82MlOc0228paVaeqhPmlER5EOKQuS1MmrORoa4wLjg3
NkKzVSynovxuNXjAXFY7BPH9CJowupXOf/fRL6qy6io14jXaNVQnJCJy3ouupRIn
v/z6JBRm6r7UVyOTSmKDzEjEBqz0mM18MsqpO7IFm0/EimY/Cl0tikuN8PKaUn5q
zBt+hzWU52bcZlWoGIfHjeFCpnfVZNbwXJYRF4RfcvSRRCrIjqlJKTToeJpyL2qw
fMsGXn7xH4dzuXAHr1KtAH8Krk2qATEfIScVR2DDHZLq0oNMZw==
=IdtZ
-----END PGP SIGNATURE-----
